/**
 * Checks that querying for disabled users returns exactly one user and that
 * its id is 3.
 *
 * <p>The expected row presumably comes from the SQL run by
 * {@code executeClassSql()}; that fixture is not visible here.
 */
@Test
public void testListUsersByEnabledStatus_disabled() {
    executeClassSql();

    List<User> disabledUsers = userDAO.listUsersByEnabledStatus(false);
    assertEquals(1, disabledUsers.size());

    // Collect the ids first so the final assertion is independent of list order.
    List<Integer> ids = new ArrayList<Integer>();
    for (int i = 0; i < disabledUsers.size(); i++) {
        ids.add(disabledUsers.get(i).getId());
    }
    assertTrue(ids.contains(3));
}
/**
 * Populates {@code data} with per-project and per-user figures for every
 * ongoing project returned by {@code projectDAO.getOngoingProjects()}.
 *
 * <p>Per-user maps are keyed by the string {@code "<projectId>-<userId>"}.
 * For each project the method records assignment overheads, the effort left
 * on backlog items split evenly between their responsibles, the number of
 * unestimated items per user, and which responsibles are not assigned to the
 * project.
 *
 * @param data the portfolio data object that receives the computed maps
 */
private void fillProjectPortfolioData(ProjectPortfolioData data) {
    HashMap<Project, String> userDataMap = new HashMap<Project, String>();
    HashMap<Project, Integer> unassignedUserDataMap = new HashMap<Project, Integer>();
    HashMap<Project, String> summaryLoadLeftMap = new HashMap<Project, String>();
    HashMap<String, String> loadLeftData = new HashMap<String, String>();
    HashMap<String, String> userOverheads = new HashMap<String, String>();
    HashMap<String, String> totalUserOverheads = new HashMap<String, String>();
    HashMap<String, Integer> unassignedUsersMap = new HashMap<String, Integer>();
    Map<Project, List<User>> assignmentMap = new HashMap<Project, List<User>>(0);
    Map<Project, List<User>> nonAssignmentMap = new HashMap<Project, List<User>>(0);
    Set<String> keySet = new HashSet<String>();
    Map<String, Integer> unassignedBlisMap = new HashMap<String, Integer>();

    // Go through all ongoing projects and their backlog items.
    for (Project pro : projectDAO.getOngoingProjects()) {
        int assignedUsers = backlogBusiness.getNumberOfAssignedUsers(pro);
        int unestimatedBlis = 0;
        AFTime ongoingBliLoadLeft = new AFTime(0);
        Set<User> allUsers = new HashSet<User>(this.backlogBusiness.getUsers(pro, true));
        HashSet<User> projectAssignments =
                new HashSet<User>(this.backlogBusiness.getUsers(pro, true));
        List<User> nonAssignedUsers = new ArrayList<User>();
        Collection<BacklogItem> blis = getBlisInProjectAndItsIterations(pro);

        // Every per-user key of this project starts with "<projectId>-".
        String projectPrefix = pro.getId() + "-";

        // Overheads of the users assigned to this project.
        for (Assignment ass : pro.getAssignments()) {
            String key = projectPrefix + ass.getUser().getId();
            boolean hasDefaultOverhead = pro.getDefaultOverhead() != null;

            if (ass.getDeltaOverhead() == null) {
                // No personal delta: the total is the project default, or empty.
                totalUserOverheads.put(key,
                        hasDefaultOverhead ? pro.getDefaultOverhead().toString() : "");
                continue;
            }

            userOverheads.put(key, ass.getDeltaOverhead().toString());
            AFTime total = new AFTime(0);
            if (hasDefaultOverhead) {
                total.add(pro.getDefaultOverhead());
            }
            total.add(ass.getDeltaOverhead());
            totalUserOverheads.put(key, total.toString());
        }

        for (BacklogItem bli : blis) {
            if (bli.getResponsibles() == null) {
                continue;
            }
            ArrayList<User> responsibles = new ArrayList<User>(bli.getResponsibles());

            boolean unestimated = bli.getEffortLeft() == null;
            boolean hasOpenEffort = !unestimated && bli.getEffortLeft().getTime() != 0;

            if (unestimated) {
                unestimatedBlis++;
            } else if (hasOpenEffort) {
                ongoingBliLoadLeft.add(bli.getEffortLeft());
            }
            // Only items that still need work count their responsibles as users.
            if (unestimated || hasOpenEffort) {
                allUsers.addAll(responsibles);
            }

            for (User resp : responsibles) {
                String key = projectPrefix + resp.getId();
                keySet.add(key);

                // Each responsible gets (item effort / number of responsibles).
                String effortForUser = loadLeftData.get(key);
                if (effortForUser == null) {
                    if (!unestimated) {
                        AFTime share = new AFTime(
                                bli.getEffortLeft().getTime() / responsibles.size());
                        loadLeftData.put(key, share.toString());
                    }
                } else {
                    AFTime userLoadLeft = new AFTime(effortForUser);
                    if (!unestimated) {
                        AFTime share = new AFTime(
                                bli.getEffortLeft().getTime() / responsibles.size());
                        userLoadLeft.add(share);
                        loadLeftData.put(key, userLoadLeft.toString());
                    }
                }

                // Responsible for open work in the project but not assigned to it.
                if ((unestimated || hasOpenEffort) && !projectAssignments.contains(resp)) {
                    unassignedUsersMap.put(key, 1);
                    if (!nonAssignedUsers.contains(resp)) {
                        nonAssignedUsers.add(resp);
                    }
                }

                if (unestimated) {
                    Integer seen = unassignedBlisMap.get(key);
                    unassignedBlisMap.put(key, seen == null ? 1 : seen + 1);
                }
            }
        }

        EffortSumData loadData = new EffortSumData();
        loadData.setEffortHours(ongoingBliLoadLeft);
        loadData.setNonEstimatedItems(unestimatedBlis);

        summaryLoadLeftMap.put(pro, loadData.toString());
        userDataMap.put(pro, "" + assignedUsers);
        unassignedUserDataMap.put(pro, allUsers.size() - assignedUsers);
        assignmentMap.put(pro, new ArrayList<User>(this.backlogBusiness.getUsers(pro, true)));
        nonAssignmentMap.put(pro, nonAssignedUsers);
    }

    // Re-render every per-user entry through EffortSumData so the output string
    // combines the effort left with the number of unestimated items.
    for (String key : keySet) {
        String stored = loadLeftData.get(key);
        AFTime effort = (stored == null) ? new AFTime(0) : new AFTime(stored);
        Integer unestimatedForUser = unassignedBlisMap.get(key);

        EffortSumData sumData = new EffortSumData();
        sumData.setEffortHours(effort);
        sumData.setNonEstimatedItems(unestimatedForUser == null ? 0 : unestimatedForUser);
        loadLeftData.put(key, sumData.toString());
    }

    data.setUnassignedUsers(unassignedUsersMap);
    data.setAssignedUsers(assignmentMap);
    data.setSummaryUserData(userDataMap);
    data.setSummaryUnassignedUserData(unassignedUserDataMap);
    data.setSummaryLoadLeftData(summaryLoadLeftMap);
    data.setLoadLefts(loadLeftData);
    data.setUserOverheads(userOverheads);
    data.setTotalUserOverheads(totalUserOverheads);
    data.setNonAssignedUsers(nonAssignmentMap);
}
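/**
 * Authorizes the current request before the action is allowed to run.
 *
 * <p>Administrators may run every action. The account named
 * {@code readonly} may run only the three read-only iteration actions. Every
 * other user is checked by action name: team management and the access-matrix
 * listings are refused, user edits are limited to the caller's own account,
 * new users may only be created as non-admins inside the caller's own teams,
 * and the remaining actions are authorized against the backlog that the
 * request parameters refer to.
 *
 * <p>Request parameters are untrusted. Identifier parameters are read through
 * {@code requireIntParam}; a missing, empty, non-numeric or self-contradicting
 * value denies the request instead of escaping as an exception. The
 * "no id parameter" case is tracked with its own flag rather than the value
 * {@code -1}, so a request that does carry an id is always checked against
 * {@code authorizationBusiness}.
 *
 * @param invocation the action invocation to continue when access is granted
 * @return the result of {@code invocation.invoke()} when access is granted,
 *         otherwise the result name {@code "noauth"}
 * @throws Exception anything thrown by the business layer or the invoked action
 */
@Override
public String intercept(ActionInvocation invocation) throws Exception {
    HttpServletRequest req = ServletActionContext.getRequest();
    String actionName = ServletActionContext.getActionMapping().getName();

    // Whether getLoggedUser() can return null is not visible here; deny if it does.
    User loggedUser = SecurityUtil.getLoggedUser();
    if (loggedUser == null) {
        return "noauth";
    }
    // SecurityUtil.getLoggedUser() does not carry all needed information of the
    // user, so the full record is loaded again.
    User user = userBusiness.retrieve(loggedUser.getId());
    if (user == null) {
        return "noauth";
    }

    boolean access = false;
    try {
        if (user.isAdmin()) {
            // Administrators are never restricted.
            access = true;
        } else if ("readonly".equals(user.getName())) {
            // NOTE(review): read-only mode is keyed on the account name, not on a
            // role flag; confirm that this name cannot be chosen by other users.
            access = actionName.equals("ROIterationHistoryByToken")
                    || actionName.equals("ROIterationMetricsByToken")
                    || actionName.equals("ROIterationData");
        } else if (actionName.equals("createTeam")
                || actionName.equals("deleteTeam")
                || actionName.equals("deleteTeamForm")
                || actionName.equals("storeTeam")
                || actionName.equals("storeNewTeam")) {
            // Admin-only operations.
            access = false;
        } else if (actionName.equals("storeUserAndRedirect")) {
            // Users may store only their own account and may not send user.admin.
            // NOTE(review): unlike storeUser below, this branch does not reject
            // teamsChanged/teamIds; confirm that this action cannot change team
            // membership, or apply the same check here.
            Map<?, ?> params = req.getParameterMap();
            boolean attemptAdmin = params.containsKey("user.admin");
            int id = requireIntParam(params, "userId");
            access = id == user.getId() && !attemptAdmin;
        } else if (actionName.equals("storeUser")) {
            // Users may store only their own account and may set neither
            // user.admin nor their teams.
            Map<?, ?> params = req.getParameterMap();
            boolean attemptAdmin = params.containsKey("user.admin");
            boolean attemptTeam = params.containsKey("teamsChanged")
                    || params.containsKey("teamIds");
            int id = requireIntParam(params, "userId");
            access = id == user.getId() && !attemptAdmin && !attemptTeam;
        } else if (actionName.equals("storeNewUser")) {
            Map<?, ?> params = req.getParameterMap();
            // Non-admins can create only other non-admin users. Every submitted
            // value of user.admin has to be "false", not just the first one.
            if (everyParamValueEquals(params, "user.admin", "false")) {
                if (params.containsKey("teamIds")) {
                    // Non-admins can only add new users to their own teams.
                    Set<String> myTeamIds = new HashSet<String>();
                    for (Team team : user.getTeams()) {
                        myTeamIds.add("" + team.getId());
                    }
                    Set<String> newUserTeamIds = new HashSet<String>();
                    for (String teamId : (String[]) params.get("teamIds")) {
                        newUserTeamIds.add(teamId);
                    }
                    access = myTeamIds.containsAll(newUserTeamIds);
                } else {
                    access = true;
                }
            }
        } else if (actionName.equals("retrieveAllProducts")
                || actionName.equals("retrieveAllSAIterations")) {
            // Access-matrix operations.
            access = false;
        } else if (actionName.equals("storeNewIteration")
                || actionName.equals("storeNewProduct")) {
            // Operations available to everyone.
            access = true;
        } else if ((actionName.equals("retrieveBranchMetrics")
                || actionName.equals("getStoryHierarchy"))
                && req.getParameterMap().containsKey("storyId")) {
            Map<?, ?> params = req.getParameterMap();
            Story story = storyBusiness.retrieve(requireIntParam(params, "storyId"));
            // Access through either the story's iteration or its backlog is enough.
            if (story.getIteration() != null) {
                access = this.authorizationBusiness.isBacklogAccessible(
                        story.getIteration().getId(), user);
            }
            if (!access && story.getBacklog() != null) {
                access = this.authorizationBusiness.isBacklogAccessible(
                        story.getBacklog().getId(), user);
            }
        } else {
            // Default case: try to find a backlog id of some kind to check.
            // NOTE(review): only the first matching id parameter is authorized;
            // confirm that no action acts on a different id parameter carried by
            // the same request.
            Map<?, ?> params = req.getParameterMap();
            int id = -1;
            boolean idSupplied = true;
            if (params.containsKey("iterationId")) {
                id = requireIntParam(params, "iterationId");
            } else if (params.containsKey("backlogId")) {
                id = requireIntParam(params, "backlogId");
            } else if (params.containsKey("productId")) {
                id = requireIntParam(params, "productId");
            } else if (params.containsKey("projectId")) {
                id = requireIntParam(params, "projectId");
            } else if (params.containsKey("taskId")) {
                Task task = taskBusiness.retrieve(requireIntParam(params, "taskId"));
                if (task.getIteration() != null) {
                    id = task.getIteration().getId();
                } else if (task.getStory().getIteration() != null) {
                    id = task.getStory().getIteration().getId();
                } else {
                    // Story in a project/product without an iteration.
                    id = task.getStory().getBacklog().getId();
                }
            } else if (params.containsKey("storyId")) {
                Story story = storyBusiness.retrieve(requireIntParam(params, "storyId"));
                if (story.getIteration() != null) {
                    id = story.getIteration().getId();
                } else {
                    id = story.getBacklog().getId();
                }
            } else {
                idSupplied = false;
            }

            // Requests that try to change teams stay denied in this branch.
            if (!params.containsKey("teamsChanged")) {
                boolean bareSubBacklogQuery = id == 0
                        && actionName.equals("retrieveSubBacklogs")
                        && params.size() == 1;
                if (idSupplied && !bareSubBacklogQuery) {
                    access = this.authorizationBusiness.isBacklogAccessible(id, user);
                } else {
                    // Operations without ids must be allowed.
                    // NOTE(review): this is allow-by-default, so every action that
                    // is not named above and carries no id parameter is open to all
                    // non-admin users; an explicit allow-list would fail closed.
                    access = true;
                }
            }
        }
    } catch (NumberFormatException malformedParameter) {
        // An identifier could not be read unambiguously from the request, so
        // nothing was authorized: deny instead of propagating the exception.
        access = false;
    }

    if (access) {
        return invocation.invoke();
    }
    return "noauth";
}

/**
 * Reads a request parameter as an {@code int}.
 *
 * <p>When the parameter is repeated, all values must be identical: only one
 * value is authorized by the caller, and which value the action later binds
 * is not visible in this class.
 *
 * @param params the request parameter map (values are expected to be {@code String[]})
 * @param name the parameter name
 * @return the parsed value
 * @throws NumberFormatException if the parameter is missing, empty,
 *         non-numeric, or repeated with differing values
 */
private int requireIntParam(Map<?, ?> params, String name) {
    Object raw = params.get(name);
    if (!(raw instanceof String[])) {
        throw new NumberFormatException("missing request parameter: " + name);
    }
    String[] values = (String[]) raw;
    if (values.length == 0 || values[0] == null) {
        throw new NumberFormatException("empty request parameter: " + name);
    }
    for (int i = 1; i < values.length; i++) {
        if (!values[0].equals(values[i])) {
            throw new NumberFormatException("conflicting values for request parameter: " + name);
        }
    }
    return Integer.parseInt(values[0]);
}

/**
 * Tells whether a request parameter is present and every one of its values
 * equals {@code expected}.
 *
 * @param params the request parameter map (values are expected to be {@code String[]})
 * @param name the parameter name
 * @param expected the only accepted value
 * @return {@code true} only if at least one value exists and all values match
 */
private boolean everyParamValueEquals(Map<?, ?> params, String name, String expected) {
    Object raw = params.get(name);
    if (!(raw instanceof String[])) {
        return false;
    }
    String[] values = (String[]) raw;
    if (values.length == 0) {
        return false;
    }
    for (String value : values) {
        if (!expected.equals(value)) {
            return false;
        }
    }
    return true;
}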